The use of encryption for authentication of devices is generally known. Conventionally, a message, or “challenge,” is sent from a system or device to an object to be authenticated, and a message-dependent response is sent by the object to the system in reply. The system then evaluates the response to determine whether the response was sufficient to authenticate the object.
Such a method may be used, for example, to verify components of a system or device, including components that are removable, replaceable or available after-market. For example, an ink cartridge for an ink jet printer can be authenticated to determine whether it is an authorized and compatible cartridge for the particular printer. If the cartridge is successfully authenticated, normal printer operation utilizing that cartridge ensues. In an attempted use of a cartridge that is not successfully authenticated, no operation or only limited operation could be authorized as a result of the failed authentication procedure.
Counterfeiters, however, can attempt to circumvent authentication procedures through brute force cloning of the authentication chip, producing great numbers of devices with seemingly authentic though identical authentication chips. In online and networked applications, blacklisting is often used to detect these clones, with a database of blacklisted devices available for checking. Many devices for which authentication and/or counterfeit and cloning prevention is desired, however, are not networked, providing no opportunity for automatic comparison against such a database. Therefore, prevention of this and other types of counterfeiting and the use of blacklisting, for example in low-cost, high volume non-networked devices, is desired.